search

hashicorp / terraform-provider-azurerm

Terraform provider for Azure Resource Manager
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs
Mozilla Public License 2.0
4.59k stars 4.63k forks source link

Terraform Purview resource 'azurerm_purview_account' erroring out adding type = "UserAssigned" #20043

Open ravulachetan opened 1 year ago

ravulachetan commented 1 year ago

Is there an existing issue for this?

Community Note

User Terraform resource as below

resource "azurerm_purview_account" "catalog" { name = "Sample" resource_group_name = "rg location = "eastus" public_network_enabled = true managed_resource_group_name = "managed-rg"

identity { type = "UserAssigned" identity_ids = [azurerm_user_assigned_identity.cat.id] } }

When trying add Managed Identity providing the id; Terraform is failing with error below

Terraform Version

1.3.7

AzureRM Provider Version

3.38.0

Affected Resource(s)/Data Source(s)

azurerm_purview_account

Terraform Configuration Files

resource "azurerm_purview_account" "catalog" {
  name                        = "Sample"
  resource_group_name         = "rg
  location                    = "eastus"
  public_network_enabled      = true
  managed_resource_group_name = "managed-rg"

  identity {
    type = "UserAssigned"
    identity_ids = [azurerm_user_assigned_identity.cat.id]
  }
}

Debug Output/Panic Output

Error:
**performing CreateOrUpdate: account.AccountClient#CreateOrUpdate: Failure sending request: StatusCode=0 -- Original Error: Code="1001" Message="PrincipalId is required" Target="PrincipalId" Details=[]**

Expected Behaviour

Purview created with Managed Identity attached

Actual Behaviour

Error: performing CreateOrUpdate: account.AccountClient#CreateOrUpdate: Failure sending request: StatusCode=0 -- Original Error: Code="1001" Message="PrincipalId is required" Target="PrincipalId" Details=[]

Steps to Reproduce

resource "azurerm_purview_account" "catalog" { name = "Sample" resource_group_name = "rg location = "eastus" public_network_enabled = true managed_resource_group_name = "managed-rg"

identity { type = "UserAssigned" identity_ids = [azurerm_user_assigned_identity.cat.id] } }

Important Factoids

No

References

No response

myc2h6o commented 1 year ago

Hi @RavulaChetan thanks for opening the issue! I tried on Azure portal as well, looks like this property only supports SystemAssigned and SystemAssigned, UserAssigned though it shows UserAssigned on Portal. I think the possible value needs to be updated. I'll be looking into it further.

ravulachetan commented 1 year ago

Thanks @myc2h6o for looking into it. Like you said; Terraform only support SystemAssigned. Running as SystemAssigned does create an identity when used but Purview on portal does not seam to support systemAssigned identity and allows only UserAssigned. I dont see any association of the SystemAssigned identity on the Portal which is no good.

myc2h6o commented 1 year ago

@RavulaChetan I've looked at the Swagger, it doesn't even expose the option of SystemAssigned, UserAssigned. I think it may be better for Azure to fix the issue within Swagger before we take the next step for the fix. I've opened https://github.com/Azure/azure-rest-api-specs/issues/22257 to describe the issue